iTunes Connect bug logs developers in to other developers’ accounts at random

This morning, a number of developers signed in to Apple’s iTunes Connect service only to be greeted by a list of apps that didn’t belong to them. TechCrunch has a good roundup of tweets from affected developers—it seems that whenever developers signed in with their credentials, they were being granted access to other developers’ accounts at random.
As of about noon Eastern today, Apple took the service down to resolve the problem. It also looks like developers won’t be able to submit new apps or invite new testers to TestFlight while iTunes Connect is down. Affected developers can check Apple’s System Status page for developers for updates while they wait for the problems to be resolved (no other developer services appear to be affected by the outage).
We don’t yet know whether the outage was caused by some error on Apple’s end or by a security breach like the one that brought all developer systems down in the summer of 2013. We’ve asked Apple when the service will be back and what caused the login problem in the first place, and we’ll update this article as we have new details.
Read on Ars Technica | Comments

CATEGORIES

Cyber Parse was created to provide knowledge to help everyone understand and deal with the ever increasing threats we all face by Cyber Crime (Malware, Social Engineering, Phishing and hacking).
Our purpose is to provide the right information to our readers by breaking down and communicating knowledge relating to Cyber Crime, Cyber Security, Information Security and Computer Security, then using Risk Management practices to help translate the technical aspects of the Risks, Threats, Vulnerabilities and controls to reduce the risk into business language.